Hackers take aim at iCloud users

Written By andika jamanta on Rabu, 10 September 2014 | 23.58

Cyber-thieves are exploiting the furore around iCloud by launching a phishing campaign that seeks to steal Apple IDs.

ICloud was at the centre of the stolen celebrity photo scandal last week as many of the images were grabbed by hackers that targeted the service.

Apple has responded by beefing up the security that notifies people when their iCloud account is accessed.

Attackers are now sending out bogus notification messages to trick people in to handing over login details.

The criminal gang behind the phishing email messages runs the Kelihos/Waledac botnet, said Symantec in a blogpost about the cyber-attack. A botnet is a large network of compromised computers used for a wide variety of cybercrimes, including sending out spam or mining victims' machines for saleable data.

The phishing campaign revolves around an email which appears to be from Apple and which claims that a song has been bought on iTunes via a person's Apple account. The message said the purchase was made from a device not previously used by that account and that the internet address used by whoever bought the track is in Volgograd, Russia.

Those receiving the bogus warning emails are asked to click on a link to verify their Apple ID. Clicking through to the page behind the link would put confidential data at risk, said the security firm.

"This page masquerades as an Apple website and asks the user to submit their Apple ID and password," it said. "If the victim does so, the attackers will presumably harvest their credentials for exploit or resale."

Symantec said users should be wary of any email claiming that online accounts need to be updated or changed. It also urged people to avoid clicking on links in messages and use security software that can spot or block phishing scams.

The campaign comes soon after Apple changed its iCloud notification system to do more to alert users about what is happening to their accounts. Alerts are now being sent when there is an attempt to change a password on iCloud accounts, when iCloud is used to download data to reset a device and when a login from a new device takes place.

In addition, noted the MacRumors website, Apple is now alerting people when iCloud accounts are accessed via a web browser.